Vulnerabilities > CVE-2018-1463 - Incorrect Authorization vulnerability in IBM products
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products ( 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1) could allow an authenticated user to access system files they should not have access to some of which could contain account credentials. IBM X-Force ID: 140368.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Packetstorm
data source | https://packetstormsecurity.com/files/download/147601/ibmflashsystemstorwize-filereadxsrf.txt |
id | PACKETSTORM:147601 |
last seen | 2018-05-15 |
published | 2018-05-14 |
reporter | Jan Bee |
source | https://packetstormsecurity.com/files/147601/IBM-Flashsystem-Storwize-CSRF-Arbitrary-File-Read-Information-Disclosure.html |
title | IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure |
References
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012263
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012263
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012282
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012283
- http://www.ibm.com/support/docview.wss?uid=ssg1S1012283
- http://www.securityfocus.com/bid/104349
- http://www.securityfocus.com/bid/104349
- https://exchange.xforce.ibmcloud.com/vulnerabilities/140368
- https://exchange.xforce.ibmcloud.com/vulnerabilities/140368